According to ThreatPost, the attack that Hussain admitted to being involved with was a breach of the email account of one of Blair’s former advisers. Hussain, who used the handle “TriCk”, pleaded guilty in early July to the attack and was sentenced Tuesday in England to six months in prison for the attack. He was arrested in April.

Man’s cell phone battery catches fire, explodes in his back pocket

Credit: Elinor Mills, CNET – Click Image to News Article

Private phone network created called “NinjaTel”

NinjaTel phone network is part of a new initiative by hackers. They were giving them away at DEF CON to good contributors. Probably used as a play phone for hackers. Apparently, the initiative is based on a large unencrypted GSM network with a large open base transceiver station. With approximately 600 customized Android phones on the market, the phones are filled with silly apps and other apps that can help hackers.

Possible crack of PPTP encryption found

Tools were developed at the conference to crack PPTP encryption. Encryption specialist Moxie Marlinspike showed off his usual handiwork.

And that’s a wrap for this year’s DEF CON. Kudos!

Share this:

Like this:

Apparently, the new showy security threat is Rakshasa… At Black Hat Las Vegas, this new security technique was unveiled.

This new malware by researcher Jonathan Brossard is apparently ‘impossible to disinfect’.

Now, FIRST OF ALL!! – Anything created with man’s hands can be destroyed. I’d like to see this opinion last: undetectable, can’t be disinfected, etc.

The paper on Rakshasa can be found here. It describes a hardware backdoor. Unbeknownst to this artist researcher, companies like Kaspersky or ESET have already begun to craft hardware antivirus drivers. So, this backdoor hardware malware scheme is a bit late, but maybe just in time, too.

Will it be used? Who knows. That’s the scary part!

It is realistically a BIOSkit, a rootkit that infects the BIOS of the computer. What’s wrong with this…? It can be easily disinfected by flashing all of the devices of the computer, which apparently would be infected.

However, this malware has not been tested in an enterprise-based beta, which means just because it worked on a couple of machines does not mean it would work on any other computer. Impressive? Yes! But, not at all scary, yet.

What makes me more shocked, is that people will actually believe that this malware will not be able to be disinfected. But, this is the turnaround: it can be! This is nothing more than a BIOSkit, and we have seen BIOSkits removed in our leagues many times.

But, then again, people commonly believe rootkits are impossible to be removed too. Look…we proved them wrong!

By inflicting code signing for BIOS, just like all other hardware driver signing, can easily keep it blocked. Also, if BitLocker evolves in Windows 8 and further technologies, it could easily secure the OS. Also, things like device encryption, could be taken to a new level.

This is not a new vulnerability, and Brossard agrees.

I’m sure we’ll have more on this story as it develops in the future. Stay tuned to seCURE Connexion!

“As the Advanced Malware Analysts administrator/group owner, I see a lot of issues with people not updating Java, Flash Player, and Reader. These attack vectors were used 5 or so years ago, up until today. Still a complete problem. Problem is, people do not use great tools like Secunia PSI or the auto-update feature in each of the plugins’ control panels,” says Jay Pfoutz – administrator and group owner of the Advanced Malware Analysts. The Advanced Malware Analysts are a group of malware analysts whom volunteer on tech support forums across the web to assist in malware removal for free.

Exploitation frequently happens when people fail to update their plugins in a timely manner. Java plugin problems lately have increased because attackers are now targeting Java a lot more.

Here is how to check for the latest updates for Java (should be done weekly):

Click Start, navigate to Control Panel. Look for Java in the list, and double-click on that. Click the “Update” tab, and then click the “Check for Updates Automatically” check box if you want Java to search for updates automatically. Select how you want Java to notify you about available updates. Or you can hit the Update Now button. More info here

Like this:

[EMV] cards have malicious code written on their chips that gets executed when they get inserted into the terminals’ smart card readers.

The researchers used this method to install a racing game on one of the three test devices during their demonstration and played it using its PIN pad and display.

For the second device, the researchers used the same method to install a Trojan program designed to record card numbers and PINs. The recorded information was then extracted by inserting a different rogue card into the payment terminal.

The third payment terminal, which is popular in the U.S., is more sophisticated than the other two devices. It has a touchscreen to facilitate signature-based payments, a smart card reader, a SIM card to communicate over mobile networks, support for contactless payments, an USB port, an Ethernet port and an administration interface that can be accessed both locally and remotely.

Share this:

Like this:

Symantec (NASDAQ:SYMC) today announced that Enrique Salem, president and chief executive officer (CEO), has stepped down effective immediately and Symantec’s board of directors has appointed Steve Bennett president and chief executive officer, in addition to his continued role as chairman of the board.

About Steve Bennett

Steve Bennett joined Symantec’s board of directors in February 2010 and became chairman in 2011. Bennett previously led Intuit serving as president and chief executive officer from 2000 to 2007. At Intuit, Bennett combined the company’s historic innovative and customer-driven expertise with strategic and operational rigor. Intuit revenue grew to $2.7 billion in fiscal 2007 from less than $1 billion in fiscal 2000. Under Bennett’s leadership Intuit grew its existing businesses while simultaneously expanding into new markets, such as online banking and healthcare.